Re: Pointless to use non-md5 for makepkg INTEGRITY_CHECK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, Jan 12, 2009 at 2:22 PM, Aaron Schaefer <aaron@xxxxxxxxxxxxxx> wrote:
> Once that patch gets pushed to the public, what do people think about
> switching over to sha256 as a default instead of md5 due to potential
> collision/security issues?

Haven't we been over this like a hundred times? md5sums are not used
for security. Not ever. Nope. Nada.

We use them solely to detect whether or not the download completed as
expected. And sha256 is going way overboard here.
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux